FOR



UNITED STATES LETTERS PATENT 



Be it known that we, Danny M. Nessett, a citizen of the United States of America,
residing at 34810 Wabash River Place, Fremont, CA 94555, United States of America,
Clive Dolphin, a citizen of Great Britain, residing at 3 Old Oak, Cotton Mill Lane, St
Albans, Hertfordshire, AL1 2EF, England, and Alexander S. Brown, a citizen of the
United States of America, residing at 22 Wood Street (PO Box 341), Hopkinton, MA
01748-0341, United States of America, have invented new and useful improvements in

METHOD FOR SECURE INSTALLATION OF DEVICE IN PACKET-BASED
COMMUNICATION NETWORK

of which the following is a specification.



METHOD FOR SECURE INSTALLATION OF DEVICE IN PACKET-BASED
COMMUNICATION NETWORK



Field of the Invention 

This invention relates to the installation of a device in a packet-based communication
network. The term 'device' is generally intended to refer to a hardware device which can
receive and forward addressed data packets and therefore includes such devices as
repeaters (hubs), switches, bridges, routers and other devices which are connected by
transmission media to constitute a network for the conveyance of data packets.

Background to the Invention 

As networks increase in size, they are becoming more difficult to manage. One problem in
this regard is network device installation. To contain and reduce the burden on network
administrators, manufacturers of equipment are adding 'plug and play' features to network
devices. This means that the device does not need initial configuration to be performed
manually, either locally or remotely, before the device is operational. However, little
attention has been paid to the security implications of plug and play network device
installation. Either the mechanisms developed do not address security or they presume
security will be provided by means that are not in themselves plug and play (e.g. by
manual configuration).

Summary of the Invention 

This invention is particularly concerned with the security of plug and play network device
installation. It does so by specifying how devices securely make initial contact with a
network or security management system, how the information exchanged during that
contact is then used to distribute other information that is used subsequently for secure
management, how to distribute information that allows devices to be recontacted if and
when a network or security management system crashes or loses its security state, and how
to recover from a catastrophic loss of security state in the system. A key idea of the
invention is to use the uncertainty of when a device might be installed to detect
unauthorized installations. This is preferably carried out using a process feedback loop
that notifies organisations or personnel responsible for device installation of the time and
date when devices are installed. They can then check to determine if the installation was
authorised. Preferably, a record is kept of the devices installed by this process, which is
periodically checked against a list of devices detected in the network by an automated
sweep. This is intended to discover whether any devices have been spoofed by an
unauthorised network or security management system during the plug and play device
installation procedure.

Brief Description of the Drawings 

Figure 1 illustrates a network switch.

Figure 2 illustrates a simplified network in which the switch is to be installed.

Figure 3 is a schematic diagram of various steps preliminary to the installation of a device
according to the invention.

Figure 4 is a diagram illustrating the steps associated with installation of a device
according to the invention.

Detailed Description of a Preferred Example 

Figure 1 illustrates by way of example only a network switch, being a device of the kind
which may be installed by a procedure according to the invention. To a large extent the
organisation and architecture of the switch is not important provided that it has, as
indicated later, some means of storing the information required by the present invention
and performing the processing and information exchange subsequently required.

The switch 1 is represented to be a multi-port switch. Typically switches have up to two
dozen or more ports but the switch shown in Figure 1 is illustrated as having four ports 2,
3, 4 and 5. Each of these ports will include a physical layer device (not shown) and be
associated with a port ASIC 2a, 3a, 4a and 5a respectively, which performs various media
access control and storage of packets. The switch has a bus system 6 connecting the port
ASICs with a central processor (CPU) 7, a memory 8 which may be used for the storage
of packets received by the switch before they are forwarded from their destination port or
ports, and a forwarding database 9 which may have in accordance with ordinary practice a
table associating packet addresses with port numbers. The address information may be
'layer 2' information or 'layer 3' information or both. As indicated previously, the
architecture of the switch is not important and the foregoing is given only by way of
example.

Figure 2 illustrates a simple form of network, comprising a management station 20, a
repeater 21, and a switch 22, which is connected to the repeater and is also connected by
respective ports to two 'user' terminals, in this case personal computers (PCs) 23 and 24.
The installation which is to be described will be that of a new switch (1) to the repeater 21.

Obviously in a simple form of network shown in Figure 2 there is not the complexity
which is characteristic of most network installations. In general, however, the addition of
new devices such as switches and repeaters is necessary from time to time as a network is
built up or expanded in capacity.

It is customary when installing new switches 1 in an existing network to perform manual
configuration on the switch. Manual configuration would involve generating a set of
security keys for the device and typing those security keys in via a terminal connected to
the device prior to installation. The same security keys along with a device identifier, such
as the device's serial number or IP address, would then have to be typed into the security
network management station.

Manual configuration is generally reckoned to be burdensome and error prone, and there
is a growing preference for the manufacture of devices which can be regarded as 'plug
and play' in that they require little more than the normal connection of connecting cables
to their ports and powering up. Any automated configuration should not lose the security
that a manual configuration offers. As indicated previously, the present invention is
particularly concerned with the security of 'plug and play' network device installation.



With reference to Figures 1 and 3, the approach taken by the invention is to place a secret
value 10 (stored in permanent memory) into each network device that is unique to it
during its manufacture (the 'manufactured key'), (stages 31 and 32 of Figure 3). This key
is then used to create (stage 33) another value (the 'revealed key') that may be applied
(stage 34) to the device, for example on a label 11 attached to the device. There are various
suitable algorithms that can be used to compute the revealed key from the manufactured
key. In some situations a digital signature checksum, such as the ones produced by the
HMAC-MD5 or HMAC-SHA-1 algorithms, might be computed using the manufactured
key as the secret key and some other information, such as the device serial number, one of
its MAC addresses and/or a random number, as input. This has the advantage of protecting
much of the entropy in the manufactured key, allowing it to be used again to generate
another revealed key that is unpredictable. In other situations the algorithm might be the
identity function, whereby the manufactured key and revealed key are identical. Prior to
installation, the revealed key is read and associated with other identification information
(e.g. the device's serial number) and entered into a network or security management
system that will cooperate with the device during subsequent plug and play installation.
Reading the revealed key and the associated identification can be a manual process or it
can be facilitated through devices such as bar code readers or text scanners.
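As an added illustration (not part of the patent's text), the following Python sketch shows both derivation variants just described: the HMAC-SHA-1 form keyed by the manufactured key over the serial number, a MAC address and a random number, and the identity form, together with the stage 35 entry of the label into the management system's registry. The manufactured key value, the `|` field separator, the 16-byte nonce and the dictionary-shaped label and registry are assumptions of this example, not specifications from the patent.

```python
import hashlib
import hmac
import os

# Constructed sample value standing in for the secret the manufacturer burns into
# permanent memory (the patent's secret value 10). It never leaves the device.
MANUFACTURED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f10111213")


def revealed_key_hmac(manufactured_key: bytes, serial: str, mac: str, nonce: bytes) -> bytes:
    """HMAC-SHA-1 variant: revealed key = HMAC(manufactured_key, serial | MAC | nonce).

    Only the 20-byte output goes on the label, so the manufactured key keeps its
    entropy and can be reused with a fresh nonce to derive another, unpredictable
    revealed key later on (the patent's catastrophic-recovery case).
    """
    message = serial.encode() + b"|" + mac.encode() + b"|" + nonce
    return hmac.new(manufactured_key, message, hashlib.sha1).digest()


def revealed_key_identity(manufactured_key: bytes) -> bytes:
    """Identity variant: the label carries the manufactured key itself. Simpler, but
    once the key is on a label it cannot be reused to derive a second revealed key."""
    return manufactured_key


def make_label(serial: str, mac: str, manufactured_key: bytes) -> dict:
    """Stages 33/34: derive the revealed key with a random nonce and produce the label
    fields that would be printed or bar-coded onto the device (assumed layout)."""
    nonce = os.urandom(16)
    revealed = revealed_key_hmac(manufactured_key, serial, mac, nonce)
    return {"serial": serial, "revealed_key": revealed.hex()}


def enter_into_management_system(registry: dict, label: dict) -> bytes:
    """Stage 35: a bar-code reader or operator reads the label; the management system
    stores the revealed key keyed by the serial number for the later installation.
    Returns the stored key bytes; rejects labels whose key is not 20 bytes."""
    key = bytes.fromhex(label["revealed_key"])
    if len(key) != hashlib.sha1().digest_size:
        raise ValueError("label does not carry a 20-byte revealed key")
    registry[label["serial"]] = key
    return key


if __name__ == "__main__":
    registry = {}
    label = make_label("SN-0001", "00:11:22:33:44:55", MANUFACTURED_KEY)
    print("label:", label)
    print("stored:", enter_into_management_system(registry, label).hex())
```

Two labels produced for the same device differ because of the nonce, which is exactly the property that lets the manufactured key be reused; with the identity variant, a second label would repeat the first.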

The security of the revealed key is suspect, since it is available for view by intruders as
well as authorized personnel. One fundamental idea in this invention is how to use the
revealed key in such a way as to make it difficult for an intruder to use it. This is
preferably done by providing a feedback loop in the installation process that checks to
ensure installation occurs in an authorized manner.

After the revealed key and identification information are entered into the network or
security management system, the device can be installed at any subsequent time. The
invention relies on ensuring that the time of device installation not be known or
predictable in advance by an intruder. One way to achieve this is for the entry of the
device information (i.e., the revealed key) and other identification information into the
network or security management system to occur when the device arrives at the customer
premises, before it is stored for future installation. The device would then be installed at a
point in time decided by the customer and unknown to an intruder.

Once the revealed key and its associated network device information is available in the
network or security management system, a network administrator can install a network
device using the secure plug and play process specified by the invention. The procedure
followed during this process is intended to thwart three security threats:

(a) masquerade by a rogue network or security management system as an authorised
network or security management system in a way that allows it to manage installed
devices without detection by authorised staff;

(b) snooping by an intruder on the transactions between an authorised network or security
management system and a device during plug and play installation in a way that allows the
intruder to gather security information that will protect subsequent communications; and

(c) masquerade by a rogue network device to a network or security management system in
a way that allows it to pose as an authorised network device.



The procedure shown in Figure 4 is as follows:



(i) The device 1 arrives at the site (stage 41) where it will be subsequently installed
(stage 42). At a time before it is installed and in a way that doesn't allow someone to
predict when it will be installed, the device identification information including the
revealed key are read and communicated to the network or security management system
(stage 35, Figure 3). Reading can be done manually, using a bar code reader or using some
other automated process.



(ii) A network administrator decides to install the device. This must occur in a time
window that is not predictable by a network intruder. The length of the time window can
be chosen by the customer.

(iii) The device 1 is connected to another network device that is currently operational in
the network. The device 1 being installed broadcasts (stage 43) a request for a protocol
(e.g. IP) address for its own use as well as the protocol address of a network or security
management system to contact for registration. Such broadcast may use the BOOTP
protocol, the DHCP protocol or some other protocol that allows a device to obtain the
necessary information.

(iv) The device contacts the network or security management system whose protocol (IP)
address is obtained during step (iii). The device and network management system conduct
a key agreement protocol exchange (stage 44) to establish a set of encryption keys that can
be used for confidentiality protection. This requires no advance sharing of state between
the two parties. Such an exchange does not authenticate either party to the other. It simply
establishes a cryptographically protected channel that no party other than the two that
conducted the exchange can read. Examples of key agreement protocols with the
appropriate properties are Diffie-Hellman key agreement and Shamir's three-pass
protocol. For the remainder of the description the assumption is made that the key exchange
protocol is Diffie-Hellman.

The network security management system may optionally reject the connection from the
device if connection occurred outside of the window of time the customer allocated to
installation of the device. In this case a record is kept of the date and time of the failed
configuration and the IP address of the device; this is used in stage (viii).

(v) The device and network or security management system use (stage 45) the
cryptographically protected channel to mutually authenticate each other (actually, prove to
each other that each knows the revealed key). Mutual authentication can occur using any
protocol that relies on the knowledge by both parties of a shared secret (in this case the
revealed key). A common protocol of this type is a two-way challenge-response. This
operates as follows. One party (the first) issues a challenge and the other party (the
second) uses the revealed key to compute a response. The first party uses the revealed key
to compute the response it expects and compares it with the value received. If they match,
the second party has authenticated itself to the first. Then the second party issues a
challenge and the first party uses the revealed key to compute a response. If the response
received from the first party matches that expected by the second party, the first party is
authenticated.

A preferred implementation of this procedure has the device create a challenge, and then
send it using the cryptographically protected channel to the network or security
management system, which uses the revealed key to return a response. The response is
checked by the device and if it matches that expected, the network or security
management system has authenticated itself to the device. Either as part of the message
carrying the response or in a separate message carried over the cryptographically protected
channel, the network or security management system sends a challenge. The device
computes the response and returns it over the cryptographically protected channel to the
network or security management system, which checks it against the response it expects.
If they match, the device has authenticated itself to the network or security management
system.

A preferred way to compute the challenge is to generate a random or pseudo-random
number. One way to compute the response is to use the revealed key as the secret input to
an HMAC-MD5 or HMAC-SHA-1 computation and the challenge as the non-secret input.
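The following Python example, added here and not taken from the patent, walks through stages 44 and 45 with both parties as objects: an unauthenticated Diffie-Hellman exchange yields the channel key, and the two-way challenge-response with HMAC-SHA-1 over the revealed key then authenticates the parties, device first, as the preferred implementation above describes. The group parameters (a 127-bit toy prime with generator 5), the SHA-256 reduction of the shared secret to a channel key, the 16-byte random challenge and the `Party`/`install` names are assumptions of the example; encryption of the channel traffic is not shown. Running the exchange against a management system that does not hold the revealed key shows why the key agreement step alone authenticates nobody.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, chosen for the demo only (assumption, not from the patent):
# a 127-bit Mersenne prime is far too small for any real deployment.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Private exponent in [1, P-2] and the matching public value G^priv mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def channel_key(shared_secret: int) -> bytes:
    """Reduce the D-H shared secret to a symmetric key for the protected channel."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def challenge() -> bytes:
    """Random challenge, as the patent prefers."""
    return secrets.token_bytes(16)


def response(revealed_key: bytes, chal: bytes) -> bytes:
    """HMAC-SHA-1 with the revealed key as the secret input and the challenge as the
    non-secret input."""
    return hmac.new(revealed_key, chal, hashlib.sha1).digest()


class Party:
    """Either the device or the network/security management system."""

    def __init__(self, name: str, revealed_key: bytes):
        self.name = name
        self.revealed_key = revealed_key     # from the label / entered at stage 35
        self.priv, self.pub = dh_keypair()
        self.channel = None                  # set once stage 44 completes

    def establish(self, peer_pub: int):
        """Stage 44: derive the channel key from the peer's public value."""
        self.channel = channel_key(pow(peer_pub, self.priv, P))

    def answer(self, chal: bytes) -> bytes:
        return response(self.revealed_key, chal)

    def verify(self, chal: bytes, resp: bytes) -> bool:
        # Constant-time comparison against the response this party expects.
        return hmac.compare_digest(response(self.revealed_key, chal), resp)


def install(device: Party, mgmt: Party):
    """Stage 44 followed by stage 45, with the device challenging first.
    Returns (authenticated, reason)."""
    device.establish(mgmt.pub)
    mgmt.establish(device.pub)
    if device.channel != mgmt.channel:
        return False, "key agreement failed"
    # From here on every message would travel inside the channel keyed by
    # device.channel; the encryption itself is left out of this sketch.
    c1 = challenge()
    if not device.verify(c1, mgmt.answer(c1)):
        return False, "management system could not prove knowledge of the revealed key"
    c2 = challenge()
    if not mgmt.verify(c2, device.answer(c2)):
        return False, "device could not prove knowledge of the revealed key"
    return True, "mutual authentication succeeded"


if __name__ == "__main__":
    rk = bytes.fromhex("ab" * 20)            # constructed sample revealed key
    print(install(Party("device", rk), Party("mgmt", rk)))
    print(install(Party("device", rk), Party("rogue-mgmt", bytes.fromhex("cd" * 20))))
```

Note that the rogue management system ends up with the same channel key as the device: the channel is private to the two endpoints, but only the revealed key says who those endpoints are.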

(vi) The network management system notes (stage 46) the date and time that the contact
was made and associates with it the device identification information and the IP address of
the device. This record is used in step (viii) of this procedure.

(vii) The network or security management system produces a set of random numbers for
distribution to the device (stage 47). These will be used as encryption keys protecting
subsequent communications using other protocols between the network management
system and the device. It records these keys (the Work Keys) in a data structure that
associates them with the device information. It then sends the Work Keys over the
cryptographically protected channel to the device where they are stored. Examples of
protocols for which these keys might be used are SNMPv3, RADIUS, and the Wireless
Equivalent Protocol of 802.11.

The process described in this invention may also be used to achieve plug and play
registration of the network device with the public key infrastructure (PKI). In that case,
the procedure described above is carried out between the device and a special security
management system called a registration authority (described in standard RFC 2510
published by the Internet Engineering Task Force). During these steps, the registration
authority authenticates the device and then interacts with a certification authority (RFC
2510) to obtain a public/private key pair and a certificate for the public key. The
registration authority then communicates the private key and the public key certificate to
the device over the cryptographically protected channel.

If there is more than one network or security management system that manages the device,
the network or security management system that distributes the work keys and/or private
key with public key certificate to the device uses a secure channel to move them to those
other systems. Examples of secure channels are an IPSec protected network file system
protocol, IPSec protected distributed database protocols and a transport layer security
(TLS) protected hypertext transfer protocol.

Using the D-H based cryptographic channel to distribute work keys and/or a private key
with public key certificate for subsequent use addresses threat (b) above.

(viii) The network or security management system communicates (stage 48) to the
individual or organisation responsible for the IP address used by the device that a device
using the identification information provided was installed at the date/time noted in the
record produced at stage
The person or organisation responsible for the IP address
used by the device then checks to ensure the device installation occurred at that specified
date/time and that the installation was authorised.

Information on any connections rejected at stage (iv) is also passed on to the individual or
organisation responsible for the IP address that was rejected.



An important feature of the invention is the information loop established when the
network or security management system records when the device was installed, and sends
that information to the person or organisation responsible for that IP address, that
information being then checked for validity. It is this loop that enables the detection of
installation of unauthorised devices, since even if an intruder gains access to the revealed
key and the device identification information, he will not know when that device should
be installed. The record communicated to the appropriate person or organisation that is
responsible for the IP address will be able to recognise unauthorised installations. This
feature of the invention addresses threat (c) above.



(ix) The network or security management system periodically sweeps (stage 49) through
all the addresses in all subnets for which it is responsible. This sweep, which can be
implemented using PING (see RFC 792) or another probing mechanism, identifies all
devices in the network. The network management system then compares the list formed
by the sweep with a list constructed from the records it compiles in step (vi). If it
discovers there are devices on the network that have not registered themselves (or been
registered in some other way in the case of equipment without a plug and play installation
capability), it notifies the appropriate network administrators, who can then determine
whether the device is legitimate or not.

Sweeping for devices that have not been registered will catch any devices that have been
spoofed by a rogue network or security management system, and deals with threat (a)
above.
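Steps (vi), (viii) and (ix) together form the feedback loop the patent builds on. The Python model below, added here and not from the patent, keeps the stage 35 registrations with their installation windows, records accepted contacts and the stage (iv) rejections, generates the stage 48 notifications to whoever is responsible for each subnet, and diffs a stage 49 sweep result against the registration records, allowing for equipment registered by other means. The subnet-to-owner table, the contact addresses, the record layout and all sample times and addresses are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample table: who is responsible for each subnet (the patent's
# "individual or organisation responsible for the IP address"). Placeholder contacts.
RESPONSIBLE = {
    ip_network("10.0.1.0/24"): "lan-admin@example.invalid",
    ip_network("10.0.2.0/24"): "branch-it@example.invalid",
}


def at(iso: str) -> datetime:
    """Helper so sample times can be written as ISO 8601 strings."""
    return datetime.fromisoformat(iso)


@dataclass
class ContactRecord:
    device_id: str
    ip: str
    when: datetime
    accepted: bool   # False: rejected at stage (iv), e.g. contact outside the window


class ManagementSystem:
    def __init__(self):
        self.expected = {}           # device_id -> (revealed key, (window start, end))
        self.records = []            # stage 46 records plus stage (iv) rejections
        self.other_registered = set()  # addresses registered outside plug and play

    def register(self, device_id, revealed_key_hex, window_start, window_end):
        """Stage 35: revealed key plus the customer-chosen, unpredictable window."""
        self.expected[device_id] = (revealed_key_hex, (window_start, window_end))

    def register_other(self, ip):
        """Equipment without plug and play capability, registered some other way."""
        self.other_registered.add(ip)

    def on_contact(self, device_id, ip, when):
        """Stages 44-46: a device has completed key agreement and authentication.
        Contacts outside the window (or from unknown devices) are rejected but
        still recorded so stage (viii) can report them."""
        if device_id not in self.expected:
            accepted = False
        else:
            start, end = self.expected[device_id][1]
            accepted = start <= when <= end
        self.records.append(ContactRecord(device_id, ip, when, accepted))
        return accepted

    def responsible_for(self, ip):
        addr = ip_address(ip)
        for net, owner in RESPONSIBLE.items():
            if addr in net:
                return owner
        return "unassigned"

    def notifications(self):
        """Stage 48: one (recipient, message) pair per record, so the responsible
        party can confirm the installation happened when it was supposed to."""
        out = []
        for r in self.records:
            status = "installed" if r.accepted else "REJECTED (outside installation window)"
            out.append((self.responsible_for(r.ip),
                        f"device {r.device_id} at {r.ip} {status} at {r.when.isoformat()}"))
        return out

    def sweep_compare(self, live_ips):
        """Stage 49: addresses that answered the sweep but never registered, either
        through this process or by other means; these go to the administrators."""
        registered = {r.ip for r in self.records if r.accepted} | self.other_registered
        return sorted(ip for ip in live_ips if ip not in registered)


if __name__ == "__main__":
    ms = ManagementSystem()
    ms.register("SN-0001", "ab" * 20, at("2001-03-05T09:00"), at("2001-03-05T13:00"))
    ms.on_contact("SN-0001", "10.0.1.5", at("2001-03-05T10:00"))
    ms.on_contact("SN-0001", "10.0.1.9", at("2001-03-07T10:00"))
    for recipient, message in ms.notifications():
        print(recipient, "<-", message)
    print("unregistered:", ms.sweep_compare({"10.0.1.5", "10.0.1.9", "10.0.1.77"}))
```

The rejected record is kept on purpose: a contact that arrives at the wrong time is exactly the signal the loop exists to surface, and the sweep then catches anything that never contacted the management system at all.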



(x) In addition to sending the work keys over the D-H based cryptographic channel, the
network or security management system sends to the device over the cryptographic
channel a reset key (stage 50). This key is stored by the device and recorded by the
network or security management system on removable or other recoverable storage. Reset
keys may be unique to each installed device, unique to a group of devices or they may be
one key for all the devices managed by a (set of) network or security management
systems.

If the network or security management system fails in a way that it loses the work keys for
the devices it manages, a reconstituted network or security management system can use
the reset keys to re-establish contact with those devices. It does this by sending a special
command to each device and includes in it a message digest of the command using the
reset key as the secret value. This command instructs the device to participate in a Diffie-
Hellman key agreement exchange with the network or security management system. After
this exchange, the corresponding cryptographic channel based on that exchange is used to
distribute new work keys for the dependent protocols. In addition the network or security
management system sends to the device a new reset key and records it on removable or
other recoverable storage.
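As an added example (not from the patent) of the reset-key recovery path just described: the reconstituted management system authenticates its command with a keyed digest under the reset key, the device accepts only a correctly authenticated command before it will start a new key agreement, and both sides then roll to a fresh reset key that is recorded again on recoverable storage. The command name `REKEY`, HMAC-SHA-256 as the digest, and the `RecoverableStore` dictionary are assumptions of the example; the D-H exchange and work-key distribution that follow a successful command proceed as in stages (iv) and (vii) above and are omitted here.

```python
import hashlib
import hmac
import secrets

RESET_COMMAND = b"REKEY"   # assumed command name, not from the patent


def reset_digest(reset_key: bytes, command: bytes) -> bytes:
    """Message digest of the command with the reset key as the secret value
    (HMAC-SHA-256 assumed for the example)."""
    return hmac.new(reset_key, command, hashlib.sha256).digest()


class Device:
    def __init__(self, reset_key: bytes):
        self.reset_key = reset_key       # received over the D-H channel at stage 50
        self.rekey_requested = False     # becomes True once a valid command arrives

    def handle_reset(self, command: bytes, digest: bytes) -> bool:
        """Accept the command only if the digest verifies under the stored reset key.
        Anyone without the reset key cannot make the device start a new exchange."""
        if not hmac.compare_digest(reset_digest(self.reset_key, command), digest):
            return False
        if command != RESET_COMMAND:
            return False
        self.rekey_requested = True
        return True


class RecoverableStore:
    """Stands in for the removable/recoverable storage holding reset keys."""

    def __init__(self):
        self.reset_keys = {}   # device_id -> reset key


def recover_device(store: RecoverableStore, device_id: str, device: Device) -> bool:
    """A reconstituted management system, having lost its work keys, re-establishes
    contact using the reset key it recovered from storage."""
    reset_key = store.reset_keys[device_id]
    if not device.handle_reset(RESET_COMMAND, reset_digest(reset_key, RESET_COMMAND)):
        return False
    # The D-H exchange and distribution of new work keys would happen here.
    new_reset_key = secrets.token_bytes(32)   # fresh reset key, recorded again
    store.reset_keys[device_id] = new_reset_key
    device.reset_key = new_reset_key
    return True


if __name__ == "__main__":
    store = RecoverableStore()
    store.reset_keys["SN-0001"] = bytes(range(32))   # constructed sample reset key
    dev = Device(store.reset_keys["SN-0001"])
    print("recovered:", recover_device(store, "SN-0001", dev))
    print("forged command accepted:", Device(bytes(range(32))).handle_reset(RESET_COMMAND, b"\x00" * 32))
```

Rolling the reset key after every recovery limits how long a copy of the old key remains useful if the recoverable storage is ever exposed.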

If a catastrophic system failure occurs whereby the network or security management 
system loses the current work keys for devices as well as the reset keys for those devices, 
management of the device can be recovered as follows. 

A terminal connection is established to the device through a physically secure or
operationally secure means. The device is then instructed to generate a new revealed key
from the manufactured key (see above for a description of how to generate a revealed key
from a manufactured key). The revealed key is displayed over the terminal connection.
When instructed to create this revealed key, the device sends network management alarms
to the network or security management system. This is to protect the device against
intruder initiated penetration attempts.

The revealed key is communicated to the network or security management station and the
device is then instructed through the terminal connection to initiate a plug and play device
installation procedure as described above.

There are several exception situations that must be handled by the plug and play
installation procedure. These are:



(1) If a device initiates a D-H exchange, but it does not complete within a certain time
interval, the device abandons the attempt. It then begins the exchange sequence from
scratch. This guards against an intruder's attempt to crypto-analyze the D-H exchange by
blocking communications for a long period of time, giving it time to do the analysis.

(2) After the D-H based cryptographic channel is established, if work keys and/or private
key/public key certificate are not communicated to the device within a specified interval
of time, the device abandons the plug and play device installation attempt. This also
guards against crypto-analysis attack.



Claims 

1. A method of installing a network device in a packet-based data communication
network and checking the authenticity of the installation, comprising the steps of:

(a) communicating identification information of the device to a management system;

(b) installing said device;

(c) obtaining from a protocol address administrator a protocol address for said device;

(d) sending a communication from the device to the management system;

(e) conducting a key agreement protocol exchange between said device and said
management system to establish a set of encryption keys;

(f) using said set of encryption keys to provide mutual authentication by said device and
said management system;

(g) associating, within said management system, the time of said communication in step
(d) with said identification information and the protocol address of the device;

(h) communicating from said management system to said administrator a message
including said identification information, said protocol address and said time.

2. A method according to claim 1 wherein, after said step (g), said management system
produces further encryption keys for subsequent communications between said
management system and said device.

3. A method according to claim 2 wherein said management system sends to said device a
reset key enabling reiteration of a key agreement protocol exchange corresponding to step

4. A method according to claim 1 and further comprising periodically sweeping through
all addresses available to said management system and comparing said addresses with
addresses of devices compiled by means of step (f).

5. A method according to claim 1 wherein said identification information includes a
revealed encryption key.

6. A method according to claim 5 wherein said device has stored therein a manufactured
encryption key which is related to said revealed encryption key.



ABSTRACT OF THE DISCLOSURE 



A method of installing a network device in a packet-based data 
communication network and checking the authenticity of the installation includes: 
(a) communicating identification information of the device to a management 
system; (b) installing the device; (c) obtaining from a protocol address 
administrator a protocol address for the device; (d) sending a communication 
from the device to the management system; (e) conducting a key agreement 
protocol exchange between the device and the management system to establish a 
set of encryption keys; (f) using the set of encryption keys to provide mutual 
authentication by the device and the management system; (g) associating, within 
the management system, the time of the communication in step (d) with the 
identification information and the protocol address of the device; and (h) 
communicating from the management system to the administrator a message 
including the identification information, the protocol address and the time. 
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= yssued thereon And on behalf of the owner(s) hereof, I hereby appoint NIXON & VANDERH YE P.O., 1100 North Glebe Rd., 8* Floor, Arlington, VA 
:.,i222tt1-4714, telephone number (703) 816-4000 (to whom all communications are to be directed), and the following attorneys thereof (of the same 
?==address) individually and collectively owner's/owners' attorneys to prosecute this application and to transact all business in the Patent and Trademark Office 
^==tonnected therewith and with the resulting patent Arthur R Crawford, 25327, Larry S Nixon, 25640, Robert A Vanderhye, 27076, James T Hosmer, 
EfeOI 84; Robert W Fans. 31352, Richard G Besha. 22770, Mark E, Nusbaum, 32346, MichaelJ Keenan, 32106, Bryan H Davidson, 30251; Stanley C 
Spooner, 27393. Leonard C Mitchard, 29009, Duane M Byers, 33363, Jeffry H Nelson, 30481 , John R Lastova, 331 49. H Warren Burnam. Jr 29366. 
Thomas E Byrne. 32205, Mary J Wilson, 32955, J Scott Davidson, 33489, Alan M Kagen, 36178; Robert A, Molan, 29834, B J Sadoff, 36663, James D 
Berqulst, 34775, Updeep S Gill, 37334, Michael J Shea, 34725, Donald L Jackson, 41090, Michelle N. Lester, 32331 , Frank P Presta, 19828, Joseph S 
Presta, 35329 1 also authorize Nixon & Vanderhye to delete any attorney names/numbers no longer with the firm and to act and rely solely on instructions 
directly communicated from the person, assignee, attorney, firm, or other organization sending instructions to Nixon & Vanderhye on behalf of the owner(s) 



1. 



s Signatur 



Residence (city) 
Post Office Address 
(Zip Code) 



Residence (city) 
Post Office Address 
(Zip Code) 



Danny M NESSETT 

(first) Ml (last) 

Fremont (state/country) USA 

34810 Wabash River Place, Fremont, CA 94555, United States of America 



Date- 



DOLPHIN 
(last) 

(state/country) Great Britain 



II Lane St Albans, Hertfordshire, AL1 2EF, England 



FOR ADDITIONAL INVENTORS, check box Kl and attach sheet with same information and signature and date for each. 



RULE 63 (37 C.F.R. 1.63) 
DECLARATION AND POWER OF ATTORNEY 
FOR PATENT APPLICATION 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



Nixon & Vanderhye P C (12/95) 



Inventor's Signatur 



Alexander S 
(first) Ml 

Residence (city) Hopkinton 

Post Office Address PO Box 341 , Hopkinton. MA 01748-0341 , United States of America 
(Zip Code) 01748-0341 



BROWN 
(last) 

(state/country) USA 



105165DI 



N won & Vanderhye P C . ( 1 0/99) 
(Domestic Non-Assigned/Foreign) 

RULE63{37 C.F.R. 1.63) 
DECLARATION AND POWER OF ATTORNEY 
FOR PATENT APPLICATION 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

As a below named inventor, I hereby declare ttiat my residence, post office address and citizenship are as stated below next to my name, and I believe I am the 
original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter 
which is claimed and for which a patent is sought on the invention entitled. 

METHOD FOR SECURE INSTALLATION OF DEVICE IN PACKET-BASED COMMUNICATION NETWORK 

the specification of which (check applicable box(s)) 
^ is attached hereto 

□ was filed on as U S Application Senal No (Atty Dkt No 

± 

□ was filed as PCT International application No on 

and (if applicable to U S or PCT application) was amended on 

I hereby state that I have reviewed and understand the contents of the above identified specification, including the claims, as amended by any amendment 
referred to above I acknowledge the duty to disclose information which is material to the patentability of this application in accordance with 37 C F.R. 1 .56 I 
hereby claim foreign pnority benefits under 35 U S.C 1 19/365 of any foreign application(s) for patent or inventor's certificate listed below and have also 
identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which prionty is claimed or, if no 
priority is claimed, before the filing date of this application. 
Priority Foreign Application(s) 

Application Number Country Day/Month/Year Filed

I hereby claim the benefit under 35 U.S.C. §119(e) of any United States provisional application(s) listed below.
Application Number Day/Month/Year Filed

I hereby claim the benefit under 35 U.S.C. 120/365 of all prior United States and PCT international applications listed above or below and, insofar as the subject matter of each of the claims of this application is not disclosed in such prior applications in the manner provided by the first paragraph of 35 U.S.C. 112, I acknowledge the duty to disclose material information as defined in 37 C.F.R. 1.56 which occurred between the filing date of the prior applications and the national or PCT international filing date of this application.

Prior U.S./PCT Application(s):
Application Serial No. Day/Month/Year Filed
Status: patented, pending, abandoned

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon. And on behalf of the owner(s) hereof, I hereby appoint NIXON & VANDERHYE P.C., 1100 North Glebe Rd., 8th Floor, Arlington, VA 22201-4714, telephone number (703) 816-4000 (to whom all communications are to be directed), and the following attorneys thereof (of the same address) individually and collectively owner's/owners' attorneys to prosecute this application and to transact all business in the Patent and Trademark Office connected therewith and with the resulting patent: Arthur R. Crawford, 25327; Larry S. Nixon, 25640; Robert A. Vanderhye, 27076; James T. Hosmer, 30184; Robert W. Faris, 31352; Richard G. Besha, 22770; Mark E. Nusbaum, 32348; Michael J. Keenan, 32106; Bryan H. Davidson, 30251; Stanley C. Spooner, 27393; Leonard C. Mitchard, 29009; Duane M. Byers, 33363; Jeffry H. Nelson, 30481; John R. Lastova, 33149; H. Warren Burnam, Jr., 29366; Thomas E. Byrne, 32205; Mary J. Wilson, 32955; J. Scott Davidson, 33489; Alan M. Kagen, 36178; Robert A. Molan, 29834; B. J. Sadoff, 36663; James D. Berquist, 34776; Updeep S. Gill, 37334; Michael J. Shea, 34725; Donald L. Jackson, 41090; Michelle N. Lester, 32331; Frank P. Presta, 19820; Joseph S. Presta, 35329. I also authorize Nixon & Vanderhye to delete any attorney names/numbers no longer with the firm and to act and rely solely on instructions directly communicated from the person, assignee, attorney, firm, or other organization sending instructions to Nixon & Vanderhye on behalf of the owner(s).



1. Inventor's Signature / Date

Inventor 1: NESSETT, M.
Residence (city): Fremont (state/country): USA
Citizenship: US
Post Office Address: 34810 Wabash River Place, Fremont, CA 94555, United States of America (Zip Code: 94555)

Inventor 2: DOLPHIN, Clive
Residence (city): St Albans (state/country): Great Britain
Post Office Address: 3 Old Oak, Cotton Mill Lane, St Albans, Hertfordshire, AL1 2EF, England

FOR ADDITIONAL INVENTORS, check box and attach sheet with same information and signature and date for each.

RULE 63 (37 C.F.R. 1.63) Nixon & Vanderhye P.C. (12/95)

DECLARATION AND POWER OF ATTORNEY
FOR PATENT APPLICATION
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

Page 2

Inventor 3: BROWN, Alexander S.
Residence (city): Hopkinton (state/country): USA
Citizenship: USA
Post Office Address: PO Box 341, Hopkinton, MA 01748-0341, United States of America (Zip Code: 01748-0341)

10516501




